BSA Regulatory Discussion on Emerging Issues Salt Lake City ACAMS Chapter Meeting June 21, 2018
Today's Discussion: FinCEN's Customer Due Diligence Rule; AML Monitoring Systems; Providing Services to Marijuana Related Businesses (MRBs)
FinCEN's Customer Due Diligence (CDD) Rule
The Path Towards the Final CDD Rule
2010: Interagency Guidance, a compilation of regulations, rulings and guidance covering CIP, private banking and correspondent banking.
2012: FinCEN Advanced Notice of Proposed Rulemaking issued on February 29, 2012.
2012: FinCEN invited private sector to weigh in on definitions, current practices, verification and challenges associated with certain products, services and relationships.
2014: FinCEN Notice of Proposed Rulemaking issued on July 30, 2014 to address regulatory flexibility analysis, designed to examine the cost-benefit.
2015: FinCEN published a Regulatory Impact Assessment and Initial Regulatory Flexibility Analysis on December 23, 2015 with a request for public comment.
2016: Final CDD rule published on May 11, 2016 with applicability date of May 11, 2018.
2018: Final CDD rule became effective May 11, 2018. On May 11, 2018, FFIEC released the CDD and Beneficial Ownership sections of the FFIEC BSA/AML Exam Manual.
Four Key Elements of Customer Due Diligence
There are four key elements of Customer Due Diligence:
I. Customer Identification and Verification (Current CIP)
II. Beneficial ownership identification and verification (NEW! 31 CFR 1010.230)
Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to:
III. Understanding the nature and purpose of customer relationships to develop a customer risk profile; and
IV. Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk-basis, to maintain and update customer information
Elements III and IV: Amends BSA 5th Pillar. Viewed as restating existing expectations [31 CFR 1020.210]
Definition of a Legal Entity
Legal Entity: Entity created by filing of public document with domestic or foreign government. Similar entity created by the filing of a public document with a Secretary of State or similar office, or formed under the laws of a foreign jurisdiction.
Not A Legal Entity: Natural person; Sole proprietorships; Unincorporated associations; Non-registered statutory trusts; Other excluded entities, Section 1010.230(e)(2)
Who is the Beneficial Owner? Ownership Prong: Individuals (persons, not entities) who own, directly or indirectly, 25% or more of the equity interest of a legal entity customer. You can identify up to four individuals under the ownership prong. Control Prong: One person with significant responsibility to control, manage, or direct the company. You must always identify one beneficial owner under the control prong.
CDD Rule Observations: Reducing the threshold lower than 25%. FAQ Question 2: Are there circumstances where covered financial institutions should consider collecting beneficial ownership information at a lower equity interest threshold under the AML program rules with regard to certain customers? A financial institution may reasonably conclude that collecting beneficial ownership information at a lower equity interest than 25% would not help mitigate the specific risk posed by the customer or provide information useful to the financial institution in analyzing the risk. Rather, any additional heightened risk could be mitigated by other reasonable means, such as enhanced monitoring or collecting other information, including expected account activity... In all cases, however, it is important that covered financial institutions establish and maintain written procedures that are reasonably designed to identify and verify the identity of beneficial owners of legal entity customers and to include such procedures in their AML compliance program.
CDD Rule Observations: Automatic Loan Renewals and CD Rollovers. FAQ Question 12: Are financial institutions required to have their legal entity customers certify the beneficial owners for existing customers during the course of a financial product renewal? Yes. Consistent with the definition of account in the CIP rules each time a loan is renewed or a certificate of deposit is rolled over, the bank establishes another formal banking relationship and a new account is established. because we understand that these products are not generally treated as new accounts by the industry and the risk of money laundering is very low, if at the time the customer certifies its beneficial ownership information, such agreement can be considered the certification or confirmation from the customer and should be documented and maintained as such, so long as the loan or CD is outstanding.
FIN-2018-R002: Certain Products and Services with Automatic Rollovers or Renewals. May 16, 2018: Beneficial Ownership Requirements for Legal Entity Customers of Certain Financial Products and Services with Automatic Rollovers or Renewals. FinCEN is granting a temporary exception with respect to collecting beneficial ownership on automatic CD rollovers and loan renewals:
o Began May 11, 2018
o Expires August 9, 2018
CDD Rule Observations: Updating existing customer account information. FAQ Question 13: Are covered financial institutions required to collect or update beneficial ownership information on customers with accounts opened prior to May 11, 2018, the Rule's applicability date? Financial institutions are not required to conduct retroactive reviews to obtain beneficial ownership information from customers with accounts opened prior to May 11, 2018. The obligation to obtain or update beneficial ownership information on legal entity customers with accounts established before May 11, 2018, is triggered when a financial institution becomes aware of information about the customer during the course of normal monitoring relevant to assessing or reassessing the risk posed by the customer, and such information indicates a possible change of beneficial ownership.
CDD Rule Observations: Updating existing customer account information. FAQ Question 14: Are covered financial institutions required to obtain or update beneficial information during routine periodic reviews of existing accounts, absent risk-based concerns; that is, are such reviews a trigger for the application of the Rule's beneficial ownership requirements? No. Covered financial institutions do not have an obligation to solicit or update beneficial ownership information as a matter of course during regular or periodic reviews, absent specific risk-based concerns the obligation to obtain or update information is triggered when, in the course of normal monitoring, a financial institution becomes aware of information about a customer or an account, including a possible change of beneficial ownership information, relevant to assessing or reassessing the customer's overall risk profile.
CDD Rule Observations: Implementation challenges remain! Questions? Contact FinCEN Resource Center:
o Phone: 1-800-767-2825
o Email: FRC@fincen.gov
The 5th Pillar - 31 CFR 1020.210. § 1020.210 Anti-money laundering program requirements for financial institutions regulated only by a Federal functional regulator, including banks, savings associations, and credit unions. A financial institution regulated by a Federal functional regulator that is not subject to the regulations of a self-regulatory organization shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if the financial institution implements and maintains an anti-money laundering program that: (a) Complies with the requirements of §§ 1010.610 and 1010.620 of this chapter; (b) Includes, at a minimum: (1) A system of internal controls to assure ongoing compliance; (2) Independent testing for compliance to be conducted by bank personnel or by an outside party; (3) Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance; (4) Training for appropriate personnel; and (5) Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to: (i) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (ii) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph (b)(5)(ii), customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230 of this chapter).
FFIEC BSA/AML Exam Manual
2014 Manual: Customer Due Diligence Guidance; Customer Risk; Enhanced Due Diligence for Higher-Risk Customers
Revised procedures: Customer Due Diligence; Customer Risk Profile; Customer Information Risk-Based Procedures; Higher Risk Profile Customers; Ongoing Monitoring of the Customer Relationship; Beneficial Ownership Requirements for Legal Entity Customers (New Section!)
FFIEC BSA/AML Exam Manual
Nature and Purpose: Intended to be a baseline understanding of the customer. May include self-evident information about the type of customer, the type of account opened, or the service or product offered.
Customer Risk Profile: Commonly referred to as the customer risk rating. Customer risk factors are bank-specific, and a conclusion regarding the customer risk profile should be based on a consideration of all pertinent customer information, including ownership information.
o Any one single indicator is not necessarily determinative of the existence of a lower or higher customer risk.
Actual or anticipated activity in a customer's account can be a key factor in determining the customer risk profile.
FFIEC BSA/AML Exam Manual: Ongoing Monitoring. The requirement for ongoing monitoring reflects existing practices established to identify and report suspicious activity and, on a risk basis, maintain and update customer information (including beneficial ownership). All accounts must be monitored on a risk-based approach (not just those subject to the final rule). Updates to beneficial ownership should be event-driven as part of normal monitoring, and apply to all legal entity customers, including existing customers. FinCEN acknowledges: change in beneficial ownership is unlikely to be identified through transaction monitoring.
FFIEC BSA/AML Exam Manual - Examination Procedures: Customer Due Diligence
Review written procedures to determine that they:
o Enable the bank to understand the nature and purpose of the relationship in order to develop a customer risk profile.
o Enable the bank to conduct ongoing monitoring.
Determine whether the bank has effective processes to develop customer risk profiles.
FFIEC BSA/AML Exam Manual - Examination Procedures Customer Due Diligence Determine whether policies and procedures contain a clear statement of responsibilities. Determine whether policies and procedures have defined how customer information, including beneficial ownership information, is used to meet other regulatory requirements.
FFIEC BSA/AML Exam Manual - Examination Procedures Beneficial Ownership Determine whether the bank has adequate written procedures for gathering and verifying information required to be obtained for beneficial owners of legal entity customers. Determine whether the bank has adequate risk-based procedures for updating customer information, including beneficial ownership information, and maintaining current customer information.
AML Monitoring Systems
AML Monitoring Systems: Common Examination Findings: Alert Management; Supporting documentation; Data and/or transaction mapping; Rules; Customer Risk Ratings; Validations
AML Monitoring Systems: FFIEC BSA/AML Examination Procedures, Suspicious Activity Reporting Section. Determine whether the programming of the methodology has been independently validated. Considerations: Roles and Responsibilities; Frequency; Scope
Providing Banking Services to Marijuana-Related Businesses (MRBs)
MRBs - State Landscape 46 States and 3 territories have passed laws that make marijuana legal for medical purposes. 21 states and two territories have passed comprehensive medical marijuana laws. 17 states have passed CBD/low THC product laws that are not counted as comprehensive medical marijuana programs. 8 states and one U.S. territory have legalized the recreational use of marijuana.
MRBs - Outstanding Guidance
The Department of Justice Cole Memo dated 2/14/14: Provided guidance to federal prosecutors concerning marijuana enforcement under the Controlled Substances Act. Rescinded by Attorney General on January 4, 2018.
Financial Crimes Enforcement Network (FinCEN) FIN-2014-G001: Clarifies BSA expectations for banks seeking to provide financial services to MRBs.
The FDIC looks to assess whether the banks have adequate BSA/AML Compliance Programs and that banks are following the FinCEN guidance.
MRB Program Governance Examination Considerations Does the bank have adequate Board-approved policies and procedures in place as to how to handle MRB accounts and monitor for red flags? Is there a comprehensive risk assessment of the business line? Does the bank have the staffing resources necessary to perform sufficient due diligence and ongoing monitoring on the MRB accounts, particularly given the size, nature, and risk inherent in the individual accounts?
MRB Program Governance Examination Considerations: Does employee BSA training include sufficient detail on marijuana-related BSA risks and is the coverage commensurate with the bank's involvement in the industry? Does the bank have adequate resources in place to appropriately monitor the MRB activity? Does management have a contingency plan which includes an exit from the business should there be a change in the policies and forbearances from the Federal and State governments?
QUESTIONS???
Contact
FinCEN Resource Center: Phone: 1-800-767-2825; Email: FRC@fincen.gov
Danielle Norton: Email: DaNorton@fdic.gov